Matthew Garrett is a principal security engineer with 26 years of deep systems experience spanning firmware, kernel, and userland, currently shaping platform trust at NVIDIA and lecturing on OS security at UC Berkeley. He specializes in hardware-backed identity and attestation—TPMs, secure enclaves, and UEFI Secure Boot—and has implemented Zero Trust solutions from Google’s BeyondCorp to Aurora’s fleet-scale architecture for phones, laptops and semi trucks. A long-time contributor to Linux distributions and key open-source projects (notably the UEFI shim loader and thermal/ACPI tooling), he combines low-level engineering with pragmatic security productization. His background in computational genetics and unusual track record of solving fruitfly infestations hint at a methodical, hands-on approach to both analytics and real-world problem solving.
26 years of coding experience
23 years of employment as a software developer
PhD Genetics, PhD Genetics at University of Cambridge
Python module for controlling Broadlink RM2/3 (Pro) remote controls, A1 sensor platforms and SP2/3 smartplugs
Role in this project:
Back-end Developer
Contributions:1 review, 14 commits, 81 PRs in 2 years 11 months
Contributions summary:Matthew primarily contributed to the core logic and functionality of the Python-based Broadlink control module. Their work includes implementing new features for RF control, as demonstrated by the "Experimental RF code" commit which adds frequency scanning and RF packet detection capabilities. Additionally, the user made multiple version bumps, indicating ongoing development and maintenance of the project, and they merged changes, suggesting collaboration within the repository.
Contributions:1 review, 9 commits, 6 PRs in 8 years 9 months
Contributions summary:Matthew primarily focused on enhancing the security features of the UEFI shim loader. Their contributions included implementing support for measuring the second-stage loader and MOK variables within the TPM (Trusted Platform Module). They also integrated measures to verify the integrity of the shim and second-stage bootloaders by signing the MokManager with a locally-generated key and extending PCR 7 for enhanced security policies and also corrected a debug issue, ensuring that the secure boot functionality operates correctly. Furthermore, they removed a call to get_event_log() to improve efficiency and reduce the chances of event duplication in the system.
uefiloadershimtpm
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Matthew Garrett - Principal Security Engineer at NVIDIA